What is SonarQube and why it is needed for C# and VB.Net?
SonarQube is a code quality analysis tool to detect bugs, vulnerabilities, and code smell in C#, VB.NET, XAML, XML, ASP.NET, ASP.NET MVC, ASP.NET Core, JavaScript, TypeScript, HTML, CSS, code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests. And also it can instantly detect errors and problems before you even compile.
Why SonarQube or any other code analysis required?
SonarQube reduces code quality problems and helps to reduce the number of potential future problems and increase the readability of the code. More importantly, it increases productivity by enabling development teams to detect and muzzle duplication and redundancy of code. SonarQube facilitates the team members to reduce the size of the application, code complexity, maintenance time, and cost and make code easy to read and understand.
How to use or install SonarQube in Visual Studio and Visual Studio Code?
There are two ways to use this SonarQube tool to analyze the code C#, VB.NET, ASP.NET, ASP.NET MVC, ASP.NET Core and other related technologies.
- Analysis using SonarQube plugin or extension of Visual Studio and Visual Studio Code.
- Analysis using MS Build.
SonarQube as an extension of Visual Studio
For Visual Studio there is an official plugin from SonarQube by the name SonarLint. Out-of-the-box, SonarLint reports issues on the files you’re editing and we get analysis of C# and VB.NET as you type. SonarLint is integrated with the Microsoft Code Analysis framework, so rules for C# and VB.NET can be fine-tuned in the .ruleset file used by our project. The set of active rules can also be tuned for JavaScript, C++, and C.
To add SonarLint extension to Visual Studio Go to Tools -> Extension and search for SonarLint as shown in below image.
We can download SonarLint and install the extension to Visual Studio.
SonarQube as an extension of Visual Studio Code
For VS Code there is an official plugin from SonarQube by the name SonarLint. This extension works the same as for Visual Studio and during the code editing time itself, SonarLint will give suggestions about code quality.
To install SonarQube or SonarLint in VS code, Go to Extensions and search for SonarLint as shown in the below image.
We can Install SonarLint extension to Visual Studio Code with above option.
SonarLint will not give the overall or complete report about the project
SonarLint is just an extension for IDE and it will not give overall summary or complete report of the project. SonarLint will show problems when a file is in editor mode, but it can not show as overall project code quality statistics. This is a big drawback in SonarLint, but its a open source project and for free we can not expect more features.
To get complete analysis of the project, we need to have actual SonarQube software. The actual SonarQube software will provide complete project analysis and it will generate report with in detail summary with appropriate suggestion for the code quality problems. Below image shows glimpse of SonarQube software report
Installing Actual SonarQube software for C# .Net, VB .Net projects
As mentioned previously to get complete analysis of the project or of entire solution (multiple projects in one solution) for C#, VB.Net, ASP.NET, ASP.NET Core, WPF, WCF, Windows Applications, Windows Serveries and for all the technologies we supposed to install the actual SonarQube software itself not just extension or plugin.
Is SonarQube code analysis tool/software is free?
SonarLint extension is absolutely free and it’s an open-source project as mentioned earlier. But SonarQube has different verity with different purposes. That SonarQube Community Edition is a free and open-source project. All SonarQube software variety and features are shown below as a comparison.
Based on the requirement one can choose from the above on the official SonarQube Download page. SonarQube Community edition is enough for general purpose and normal uses. SonarQube Community edition will serve a basic needs which are static code analysis, so we can say SonarQube is free software. For advancement, users can for paid versions based on requirements. The good news is the user can try Developer and Enterprise editions for a limited period. Then they can take further decisions.
SonarQube Community Edition Installation Steps
In this section, we shall see step by step procedure of SonarQube installation for C#, VB.Net, ASP.Net, ASP.Net Core, WPF, and all .Net related technologies. The below steps may vary based on the evolution of SonarQube Community software, but the below steps will definitely help us to install SonarQube Community edition for a long time and at least it will give an idea of SonarQube Community Edition Installation. SonarQube installation steps are given for the windows operating system.
Step 1: Download SonarQube Community Edition software
Download SonarQube Community Edition from the official SonarQube website. Once downloaded, the user can extract the zip file. After extracting the zip we can able to see the source code of the SonarBube community edition which is a web application. As of this article creation, SonarQube-8.6.0.39681 is the latest stable version.
Step 2: Unzip SonarQube Community Edition software
Once SonarQube source code is available on the local computer, navigate to sonarqube-8.6.0.39681\bin\windows-x86-64\, there you can find a bat file by the name StartSonar.bat
Step 3: Start Sonar Service
Sonar Service is the main part of SonarQube software, which runs the software. To run Sonar Service, the user needs to open StartSonar.bat file. If Java 11 is not installed then, we will get an exception saying java.lang.IllegalStateException: SonarQube requires Java 11 to run
Step 4: To Run Sonar Service, Install Java 11 if not installed already
Install the 11th version of Java JDK to your machine where you wish to run the SonarQube tool. If already installed, make sure it’s Java JDK 11. User can download the Java JDK 11 and install using official Java JDK Download page.
As of this article creation SonarQube-8.6.0.39681 works only with Java JDK 11. So user should not have exactly Java JDK 11.X version and not older or newer version than Java JDK 11.
Step 5: Configure Java JDK path in wrapper.conf file:
In order for Sonar Service to run Java JDK 11 require, which we installed already. But Sonar Service needs to know the path of Java JDK 11 path. To inform Sonar Service about Java JDK 11 path, we have to mention the Java JDK path in wrapper.conf file. This wrapper.conf will be available in sonarqube-8.6.0.39681\conf folder.
Open the wrapper.conf file with any text editor and replace wrapper.java.command=Java JDK 11 path in place of wrapper.java.command=Java as shown in the below image.
User have to mention wrapper.java.command=C:/Program Files/Java/jdk-11.0.10/bin/java like this in wrapper.conf file. In my computer java jdak 11 was installed in C:\Program Files\Java\jdk-11.0.10\bin folder.
Once the path saved in the wrapper.conf file, the user needs to open StartSonar.bat file to run Sonar Service. After opening StartSonar.bat user should wait for some time.
If there is no error observed in the StartSonar window and the user able to see “SonarQube is up” message on the console window of SonarQube, then SonarQube started successfully. Minimize the window and navigate to http://localhost:9000 in the web browser.
Step 6: Login and start using SonarQube Software
Once SonarQube started using StartSonar.bat file, the user able to go to the web browser and navigate to http://localhost:9000
Note: SonarQube console window should be minimized.
SonarQube software will ask user to login to continue. Default Login Name and Password to login:
- Login Name: admin
- Password: admin
After login user can update login credentials instead of default credentials to login.
Conclusion
The above tutorial is about the Installation of the SonarQube for Visual Studio, Visual Code (as an extension), and the actual SonarQube tool (for complete project analysis). SonarQube community edition is enough for most of the projects and it servers the actual purpose of code analysis. Java JDK 11 is the only compatible version with SonarQube 8.x as of this article creation day. Users need to specify the JDK path in the wrapper.conf file and then they can start the SonarQube server using StartSonar.bat file.
This tutorial is like Part 1 of SonarQube setup out of 2 parts. Part 2 will have the tutorial about how to use and first time setup of SonarQube tool. Please check Part 2 for a complete tutorial about SonarQube.